involves distribution centers,

refrigerated trucks and cold storage facilities.

And each of these could be a target for hackers.

- COVID has been just a golden opportunity

for cyber criminals and they've taken full advantage of it.

- [Narrator] Since the start of the pandemic,

there have been attempts to scam individuals

and businesses for money,

as well as steal vaccine research

or hold data ransom for a payment.

And a week before the first vaccinations in the world

began in the UK, INTERPOL warned that criminal organizations

were planning to infiltrate and disrupt

the vaccine supply chain.

Hackers are looking for a way

to tamper with the distribution.

The cold chain network that enables the delivery

of temperature sensitive COVID-19 vaccines,

like the one developed by Pfizer and BioNTech,

that has to be kept at -70 degrees Celsius.

- The payoffs are really big.

The people that are doing it are increasingly sophisticated.

- [Narrator] So are hackers targeting the vaccine rollout

and is there a way to stop them?

Hackers have been honing their skills for years

by going after hospitals.

- The average hospital doesn't have very good cybersecurity.

Criminals are eager to take advantage

of the concern that the virus has raised.

- [Narrator] Jim Lewis leads a cybersecurity team

into a Washington based think tank.

He says the easiest tool for hackers is phishing.

- You send an email out to a hundred people,

the odds are very good that two of them will click on it.

What the COVID vaccine creates

is the opportunity to do this on a massive scale

and that means you can ask for a massive ransom.

- [Narrator] If someone clicks on a malicious link

or opens an attachment,

the person may be prompted to download malware

or enter login details,

giving the attacker access to the network and its data.

During the pandemic, phishers setup bait

with emails sent to hospitals about COVID-19 prevention

and setting up pandemic funds.

And now that the vaccines are on their way,

hackers are taking on new identities

to infiltrate cold chain companies,

like ones that manufacture solar panels

to power refrigerators or IT firms

that support biotech and pharmaceutical clients.

- I think the messages were very specifically crafted

to get people at these companies to respond

but in general, this whole problem of Corona virus

being a lure for scammers is huge.

- [Narrator] IBM recently tracked down

a phishing campaign that targeted

a variety of these companies.

The hacker was disguised as a project manager

from the Chinese company, Haier Biomedical

which, his website says,

is the world's only complete cold chain provider.

The writer said it would send an

advance payment of around $220,000.

The message went on to ask that the reader

review the attached draft contract,

which is actually a malicious attachment.

IBM says it's unclear if any victims

clicked on the file and fell for this scam

and doesn't know which nation state might be behind it.

If there were any victims,

IBM says the harvested credentials

could give the hacker insight into internal communications

as well as methods and plans

to distribute the COVID-19 vaccine.

Haier Biomedical says it condemns the perpetrators

of the phishing email

and is working with international organizations

to ensure that these incidents

don't deter the fight against the pandemic.

But if hackers do successfully access the system,

they can encrypt the data, making it unreadable.

This can happen to logistics companies

responsible for delivering the vaccine.

- And so you could imagine a locking up the supply chain,

locking up distribution codes, or locking the trucks

and saying, unless you pay, you won't be able to deliver.

- [Narrator] But some systems in the cold chain

would be harder to hack.

- Yeah, the actual operation of a refrigerator,

that would be a specialized operating system

and that would be configured in a way that was unusual so

they have to figure out how they work.

- [Narrator] So what's more likely to happen

is that hackers will go after low hanging fruit.

- They're already making tons of money

just hitting standard windows operating machines.

So if you were working for a refrigeration company,

I'd be worried about the sort of the back office equipment

that the salespeople use, the laptops and the desktops

and maybe some of the servers.

- [Narrator] After all, according to a survey

by a healthcare IT consultant,

80% of health professionals say their hospitals

still use legacy systems, such as Windows 2008.

- You need to do basic cyber hygiene

which includes training, two factor authentication,

making sure your patches and updates are installed,

but on top of that, you need to back up your data

and think about how you're gonna use cloud services.

- [Narrator] But given the high stakes

of getting more people vaccinated,

no amount of drills may prepare the cold chain

for the months to come.

- This has changed from efforts to steal the formula,

to efforts to blackmail people about distribution.

So we're seeing the cyber crime evolve

when it comes to COVID.